Conntrack GRE offload [LWN.net]

From:		Toshiaki Makita <toshiaki.makita1-AT-gmail.com>
To:		"David S. Miller" <davem-AT-davemloft.net>, "Jakub Kicinski" <kuba-AT-kernel.org>, "Saeed Mahameed" <saeedm-AT-nvidia.com>, "Jamal Hadi Salim" <jhs-AT-mojatatu.com>, "Cong Wang" <xiyou.wangcong-AT-gmail.com>, "Jiri Pirko" <jiri-AT-resnulli.us>, "Pablo Neira Ayuso" <pablo-AT-netfilter.org>, "Jozsef Kadlecsik" <kadlec-AT-netfilter.org>, "Florian Westphal" <fw-AT-strlen.de>
Subject:		[PATCH net-next 0/3] Conntrack GRE offload
Date:		Thu, 03 Feb 2022 20:59:38 +0900
Message-ID:		<20220203115941.3107572-1-toshiaki.makita1@gmail.com>
Cc:		Toshiaki Makita <toshiaki.makita1-AT-gmail.com>, netdev-AT-vger.kernel.org, netfilter-devel-AT-vger.kernel.org, coreteam-AT-netfilter.org, Paul Blakey <paulb-AT-nvidia.com>
Archive-link:		Article

Conntrack offload currently only supports TCP and UDP.
Thus TC/nftables/OVS cannot offload GRE packets.

However, GRE is widely used so some users create gre devices in VMs,
and in that case host OVS forwards GRE packets from/to VMs.

In order to offload GRE packets in OVS with stateful firewall support,
we need act_ct GRE offload support.

This patch set adds GRE offload support for act_ct and mlx5 conntrack.
Currently only GREv0 and no NAT support.

- Patch 1: flow_offload/flowtable GRE support.
- Patch 2: act_ct GRE offload support.
- Patch 3: mlx5 conntrack GRE offload support.

Tested with ConnectX-6 Dx 100G NIC and netperf TCP_STREAM.

                      +------------------------------------+
                      |                        +-----------+
                      |                        |(namespace)|
  +---------+         |                        | netserver |
  |         |  wire   +----+  tc   +--------+  +-------+   |
  | netperf |-------->|mlx5|------>|mlx5 rep|--|mlx5 vf|   |
  |         |         +----+       +--------+  +-------+---+
  +---------+         +------------------------------------+

- No offload (TC skip_hw): 8.5 Gbps
- Offload    (act_ct)    : 22 Gbps

Signed-off-by: Toshiaki Makita <toshiaki.makita1@gmail.com>

Toshiaki Makita (3):
  netfilter: flowtable: Support GRE
  act_ct: Support GRE offload
  net/mlx5: Support GRE conntrack offload

 drivers/net/ethernet/mellanox/mlx5/core/en/tc_ct.c |  21 +++--
 net/netfilter/nf_flow_table_core.c                 |  10 +-
 net/netfilter/nf_flow_table_ip.c                   |  54 +++++++++--
 net/netfilter/nf_flow_table_offload.c              |  19 ++--
 net/netfilter/nft_flow_offload.c                   |  13 +++
 net/sched/act_ct.c                                 | 101 ++++++++++++++++-----
 6 files changed, 171 insertions(+), 47 deletions(-)

-- 
1.8.3.1